Fortinet Community

marypoppins · 05-20-2022

Dear All, I would like to know if during the hello-holddown's 'hello state' there is forwarding traffic, or it only happens after this timer reaches the working state. (the name 'working' suggests there is no forwarding (only ha) before it and it mea...

marypoppins · 09-27-2021

Dear All, On my fortigate I have a mgmt interface with ip 10.10.0.1/24 in vlan10, which is also the reserved HA management interface and here in HA there is a gateway for this: 10.10.0.254. If I work from the ip 192.168.0.50 and administer the HA clu...

marypoppins · 09-23-2021

Dear All, Is there any way to use dnat without a vip? I have the following situation:clients pc --- fortigate ---- other device --- 192.168.5.5 |_ 192.168.6.6I would like to achieve:a) - A client with ip 10.10.10.10 if want to go to dst:192.168.5.5 t...

marypoppins · 09-20-2021

Dear All, A would like to ask if you can see the following in a session (redis in state, and no_ofld_reason: redir-to-av), is that means the traffic is redirected to antivirus feature? state=redir local may_dirty src-vis nlbmisc=0 policy_id=480 auth_...

marypoppins · 08-17-2021

Dear All, I would like to ask what is the relationship between the local-in-policy and the dedicated management interface? For example if my mgmt interface has allowaccess ssh, https for a trusted host, is a "deny src_ip=all dst_ip=mgmt_ip (or just d...

marypoppins · 05-20-2022

Hello,"Then I have entered just 'set' and hit enter to see a list of all commands but it did not show any command list."After typing 'set' command, don't you should type a question mark to see available possibilities (and not enter again)

marypoppins · 09-27-2021

I don't want to try it in a production environment.The routing table doesn't include any info about the gateway included in the HA section. Also I can not find it in any policy routing. I'm not sure when it is used and why not shown in the routing ta...

marypoppins · 09-26-2021

There is no two host with the same ip address in this scenario. There is a router/fw which forward the packets, and if the dst address is the host with ipA for a packet then it forwards that packet to an other destination. With other words the extern...

marypoppins · 09-24-2021

Thank you for answering me. However in my case the load balancing is unnecessary. But you helped me a lot, because I finally i saw your link a line, which is the solution:set arp-reply disable Thank you

marypoppins · 09-20-2021

Update: sorry, I found that the handshake was successful on the output side (bad mistake other side was turned off pfff), however, the data (packets with push flag on) seems to be filtered out yet. So the question remains. I checked the full config I...

Fortinet Community

User Statistics

User Activity

Fortigate failover hello-holddown question

mgmt port gw

dnat without vip

redir-to-av

local-in-policy and management interface relation

Re: edit Local-in-policy

Re: mgmt port gw

Re: dnat without vip

Re: dnat without vip

Re: redir-to-av

News & Articles

Security Research

Company

Contact Us